The PolySwarm Blog


Threat Spotlight on Cuba: Emerging Security Risks in the Caribbean

Mar 20, 2026 1:03:06 PM / by The Hivemind


Executive Summary

Recent developments involving Iran illustrate how states with degraded or constrained cyber capabilities may shift toward signals intelligence and electronic warfare to compensate for reduced offensive cyber capacity. Following recent strikes and internet disruptions that limited Iran’s ability to coordinate sophisticated cyber operations, analysts observed a greater reliance on intelligence collection, proxy activity, and electronic-domain pressure operations. Accordingly, PolySwarm analysts chose to highlight another potential flashpoint, Cuba, which similarly lacks robust offensive cyber capability and would likely rely on signals intelligence, electronic surveillance, and electronic warfare activities in the event of escalating confrontation. Although Cuba lacks advanced offensive cyber or electronic warfare capabilities comparable to major cyber powers, the island’s geography enables monitoring of critical telecommunications, maritime routes, and military communications across the Caribbean.

Key Takeaways

  • Cuba functions primarily as a signals intelligence collection platform positioned near US communications networks rather than a major offensive cyber power.
  • The island’s proximity to Florida places it within monitoring range of military communications, maritime traffic, telecommunications infrastructure, and space launch telemetry originating from the southeastern United States.
  • The Caribbean corridor between Florida and Cuba represents one of the densest electronic monitoring environments in the Western Hemisphere, with overlapping intelligence collection by multiple states.
  • Ongoing geopolitical tensions, particularly Cuba’s energy crisis and declining Venezuelan support, may increase incentives for intelligence collection and strategic signaling.
  • In a crisis scenario, the most plausible threats associated with the region include signals interception, cyber espionage, telecommunications disruption, or deniable unmanned aerial operations launched from maritime platforms.

Background

This assessment is based on open-source reporting, historical intelligence analysis, and publicly available information regarding Cuban military capabilities, regional telecommunications infrastructure, and geopolitical developments in the Caribbean. Key areas of analysis draw upon historical reporting on Cuban signals intelligence facilities, regional military posture, and telecommunications infrastructure distribution. Confidence in this assessment is moderate due to limited transparency surrounding Cuban intelligence operations and the classified nature of signals intelligence activities. However, the geographic and infrastructural factors discussed in this report are well-established and widely acknowledged in regional security analysis.

Geopolitical Context and Current Tensions

Recent geopolitical developments have increased strategic pressure on Cuba and heightened tensions across the Caribbean security environment. For decades, Cuba relied heavily on subsidized oil shipments from Venezuela, particularly under the government of Nicolás Maduro. Venezuelan crude shipments historically served as a critical energy lifeline for the Cuban economy, supporting electricity generation, transportation infrastructure, and industrial activity.

However, Venezuela’s prolonged economic instability and declining oil production have significantly reduced the reliability of these shipments. Energy disruptions have contributed to recurring fuel shortages, electricity rationing, and grid instability within Cuba, placing additional pressure on the Cuban government. These tensions have been compounded by regional instability following the 2026 United States intervention in Venezuela, which disrupted one of Cuba’s most important political and economic partnerships.

At the same time, relations between the United States and Cuba remain strained. The United States continues to enforce economic sanctions and maintain the longstanding embargo against Havana. Cuba’s historic intelligence cooperation with geopolitical competitors of the United States further complicates bilateral relations. US Secretary of State Marco Rubio has publicly stated that the status quo in Cuba is unacceptable and has been actively involved in diplomatic discussions related to the island’s political future, underscoring the administration’s focus on the issue. President Trump has also made comments that appear to indicate there may be future action involving Cuba, suggesting Cuba is on the administration’s strategic agenda.

These dynamics increase the likelihood that Cuba will prioritize intelligence collection and strategic awareness activities focused on US military posture, communications infrastructure, and regional activity within the Caribbean basin.

Strategic Context: Cuba as an Intelligence Hub

Cuba occupies one of the most strategically advantageous geographic positions in the Western Hemisphere. Situated near major US military installations and telecommunications infrastructure, the island lies along critical maritime and aviation corridors connecting North America, Latin America, and Europe.

This location places Cuba within monitoring range of:

  • US military communications networks in the southeastern United States
  • Commercial telecommunications infrastructure connecting the Americas
  • Maritime shipping routes entering the Gulf of Mexico
  • Aviation communications linking North and South America
  • Satellite and space launch telemetry transmissions originating from Florida

As a result, Cuba has historically functioned less as a conventional military power and more as an intelligence observation platform positioned near the United States. Signals traversing the region include satellite communications, maritime radio transmissions, aviation control signals, and large volumes of commercial telecommunications data. Even when encrypted, these signals can provide valuable intelligence through traffic analysis, signal signatures, and emitter identification.

Legacy Signals Intelligence Infrastructure

During the Cold War, the Soviet Union constructed a major interception complex at the Lourdes SIGINT facility, which monitored large volumes of US communications traffic. At its peak the facility reportedly hosted hundreds of intelligence personnel and intercepted diplomatic, military, and satellite communications signals from across the southeastern United States.

Although Russia closed the facility in 2001, Cuba retained much of the technical expertise and infrastructure associated with signals interception operations. Analysts assess that elements of these capabilities likely remain operational today and may be supplemented through technical cooperation with foreign intelligence partners. Because of the island’s proximity to the United States, even relatively modest surveillance systems positioned in Cuba can capture valuable signals from regional communications networks.

Electronic Warfare Capabilities

Electronic warfare capabilities within Cuba fall primarily under the Cuban Revolutionary Armed Forces, which oversees military intelligence and communications monitoring.

Cuba’s EW posture focuses primarily on electronic surveillance and signal detection, including:

  • Wideband radio interception systems
  • Radar signal monitoring
  • Direction-finding equipment used to locate signal emitters
  • Maritime and aviation communications monitoring

These systems enable Cuban analysts to detect and characterize electronic emissions from naval vessels, aircraft communications systems, and satellite links operating across the Caribbean region. Cuba’s air-defense network also contributes to electronic detection capabilities. Radar systems associated with Soviet-era surface-to-air missile platforms can provide aircraft tracking and early warning coverage.

While technologically outdated compared to modern systems, Cuba’s radar networks remain capable of detecting aircraft activity and electronic emissions within Cuban airspace and nearby maritime areas. Limited electronic attack capabilities likely exist, including localized radio-frequency jamming and communications interference. However, Cuba is not known to operate modern electronic warfare platforms such as mobile spectrum warfare systems, electronic attack aircraft, or advanced satellite disruption systems.

Unexplained health incidents affecting US diplomatic personnel in Havana beginning in 2016 also drew international attention to the electromagnetic environment in Cuba. Investigations examined whether exposure to directed radio frequency or microwave energy could explain the symptoms reported by some personnel. US intelligence assessments have not reached a definitive conclusion regarding the cause of these incidents, and attribution remains disputed. However, the episode highlighted the strategic relevance of the electromagnetic spectrum and signals intelligence activity in the region.

Cyber and Digital Capabilities

Cuba’s cyber posture is primarily oriented toward surveillance and domestic information control rather than large-scale offensive cyber operations.

The Cuban government maintains centralized control over domestic telecommunications infrastructure and internet service providers. Authorities have demonstrated the capability to:

  • Restrict internet access
  • Throttle mobile data networks
  • Monitor digital communications
  • Block messaging platforms during periods of unrest

These tools are used primarily for domestic security and information management rather than external cyber operations. At present, there are no publicly documented, credible incidents in which significant outbound offensive cyber activity targeting foreign entities has been attributed to the Cuban government or to state-sponsored actors based in Cuba. It is also worth noting that industry analysts have assessed that “Cuba Ransomware”, despite the name, likely did not originate from Cuba.

Intelligence Partnerships

Cuba’s intelligence relevance increases through cooperation with larger intelligence powers. Historically, Soviet and later Russian intelligence services operated signals interception infrastructure on the island. More recently, analysts have suggested the possibility of expanded technical cooperation involving telecommunications monitoring systems. China also reportedly has access to intelligence gathered by Cuban entities.

Such partnerships could enable foreign intelligence services to collect signals from:

  • US military communications networks
  • Satellite transmissions and space launch telemetry
  • Commercial telecommunications infrastructure
  • Maritime and aviation communications traffic

In this capacity, Cuba functions as a collection platform enabling proximity-based signals intelligence against US communications networks.

Undersea Telecommunications Infrastructure Risks

The Caribbean region surrounding Cuba hosts multiple undersea fiber-optic cables that carry internet and telecommunications traffic between North America, Latin America, and Europe. Major cable landing points in Florida connect global telecommunications networks to the broader internet infrastructure of the United States.

While encrypted traffic cannot easily be decrypted, monitoring cable routes or telecommunications infrastructure could reveal:

  • Communications flow patterns
  • Network architecture
  • Operational communications surges during crises

In a crisis scenario, undersea cable infrastructure in the Caribbean could represent a potential target for disruption or sabotage. Such operations would likely involve physical damage to cable systems rather than purely cyber intrusion.

Maritime and Electronic Surveillance

The Caribbean basin is one of the busiest maritime regions in the Western Hemisphere. Monitoring maritime radio transmissions, radar emissions, and satellite communications can reveal patterns of naval and commercial shipping activity.

Signals monitoring systems positioned in Cuba could track:

  • US naval patrols
  • Coast Guard operations
  • Commercial shipping traffic entering the Gulf of Mexico
  • Aircraft operating across the Caribbean

Signals intelligence techniques such as radar signature analysis allow analysts to identify vessel classes or aircraft types based on their electronic emissions.

Additionally, the Cuba-Florida corridor represents one of the most active electronic monitoring environments in the Western Hemisphere. US intelligence agencies operate extensive surveillance systems throughout the region, including those associated with the National Security Agency and United States Southern Command. Naval Station Guantanamo Bay also provides a permanent American monitoring presence on the island itself. The result is a dense intelligence environment characterized by continuous electronic monitoring, communications analysis, and signal detection across the region.

Escalation Indicators

Several developments could signal a worsening security environment between the United States and Cuba:

  • Breakdown of diplomatic engagement: Failure of diplomatic negotiations or the suspension of formal dialogue between Washington and Havana could increase the risk of miscalculation and reduce mechanisms for crisis de-escalation. Similar diplomatic breakdowns have preceded military escalation in other geopolitical crises, including recent tensions involving Iran.
  • Expansion of foreign intelligence infrastructure: An increase in foreign technical personnel or signals interception equipment operating from Cuban territory could indicate expanded monitoring of US communications networks.
  • Heightened maritime incidents: Confrontations involving vessels or unmanned systems operating near Cuban territorial waters could increase the risk of escalation through miscalculation.
  • Communications infrastructure disruption: Attempts to interfere with telecommunications systems, navigation networks, or regional communications infrastructure could indicate escalation within the intelligence domain.
  • Domestic instability in Cuba: Sustained protests, prolonged power shortages, or political instability could incentivize the Cuban government to adopt a more confrontational external posture. Ongoing demonstrations driven by economic hardship and energy shortages may signal increasing internal tensions and the potential for broader anti-government unrest.

Potential Threat Scenarios

While large-scale cyber attacks originating from Cuba remain unlikely, several threat scenarios represent credible intelligence or security risks within the Caribbean operational environment:

  • Signals interception and communications monitoring: Cuban or partner intelligence systems may conduct sustained monitoring of telecommunications, maritime radio signals, and aviation communications across the Caribbean basin.
  • Electronic surveillance of military activity: Signals collection platforms could be used to observe US naval deployments, military exercises, and satellite communications patterns.
  • Cyber espionage: Limited cyber capabilities may support intelligence collection against diplomatic networks, communications infrastructure, or regional systems.
  • Undersea telecommunications disruption: In a crisis scenario, sabotage or damage to undersea telecommunications cables in the Caribbean could disrupt regional internet connectivity.
  • Unmanned aerial operations: Small unmanned aerial systems (drones) launched from maritime platforms could potentially conduct reconnaissance or limited disruptive operations against targets in the southeastern United States. The relatively short distance between Cuba and Florida increases the feasibility of such operations if supported by relay systems or offshore launch platforms.

 
